npm - twikoo-func - Versions diffs - 1.5.1 → 1.5.4 - Mend

twikoo-func 1.5.1 → 1.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/index.js +101 -21
package/package.json +1 -1

package/index.js CHANGED Viewed

@@ -50,20 +50,24 @@ const RES_CODE = {
   UPLOAD_FAILED: 1040
 }
 const ADMIN_USER_ID = 'admin'
+const MAX_REQUEST_TIMES = parseInt(process.env.TWIKOO_THROTTLE) || 250
 // 全局变量 / variables
 // 警告：全局定义的变量，会被云函数缓存，请慎重定义全局变量
 // 参考 https://docs.cloudbase.net/cloud-function/deep-principle.html 中的 “实例复用”
 let config
 let transporter
+const requestTimes = {}
 // 云函数入口点 / entry point
 exports.main = async (event, context) => {
+  console.log('请求ＩＰ：', auth.getClientIP())
   console.log('请求方法：', event.event)
   console.log('请求参数：', event)
   let res = {}
-  await readConfig()
   try {
+    protect()
+    await readConfig()
     switch (event.event) {
       case 'GET_FUNC_VERSION':
         res = getFuncVersion()
@@ -87,7 +91,7 @@ exports.main = async (event, context) => {
         res = await commentLike(event)
         break
       case 'COMMENT_SUBMIT':
-        res = await commentSubmit(event)
+        res = await commentSubmit(event, context)
         break
       case 'POST_SUBMIT':
         res = await postSubmit(event.comment, context)
@@ -834,7 +838,7 @@ async function like (id, uid) {
  * @param {String} event.pid 回复的 ID
  * @param {String} event.rid 评论楼 ID
  */
-async function commentSubmit (event) {
+async function commentSubmit (event, context) {
   const res = {}
   // 参数校验
   validate(event, ['url', 'ua', 'comment'])
@@ -848,7 +852,7 @@ async function commentSubmit (event) {
   // 异步垃圾检测、发送评论通知
   try {
     await app.callFunction({
-      name: 'twikoo',
+      name: context.function_name,
       data: { event: 'POST_SUBMIT', comment }
     }, { timeout: 300 }) // 设置较短的 timeout 来实现异步
   } catch (e) {
@@ -1168,6 +1172,12 @@ async function limitFilter () {
 // 预垃圾评论检测
 function preCheckSpam (comment) {
+  // 长度限制
+  let limitLength = parseInt(config.LIMIT_LENGTH)
+  if (Number.isNaN(limitLength)) limitLength = 500
+  if (limitLength && comment.length > limitLength) {
+    throw new Error('评论内容过长')
+  }
   if (config.AKISMET_KEY === 'MANUAL_REVIEW') {
     // 人工审核
     console.log('已使用人工审核模式，评论审核后才会发表~')
@@ -1386,9 +1396,9 @@ async function emailTest (event) {
   const isAdminUser = await isAdmin()
   if (isAdminUser) {
     try {
-      if (!transporter) {
-        await initMailer({ throwErr: true })
-      }
+      // 邮件测试前清除 transporter，保证读取的是最新的配置
+      transporter = null
+      await initMailer({ throwErr: true })
       const sendResult = await transporter.sendMail({
         from: config.SENDER_EMAIL,
         to: event.mail || config.BLOGGER_EMAIL || config.SENDER_EMAIL,
@@ -1410,21 +1420,16 @@ async function uploadImage (event) {
   const { photo, fileName } = event
   const res = {}
   try {
-    if (!config.IMAGE_CDN_TOKEN) {
+    if (!config.IMAGE_CDN || !config.IMAGE_CDN_TOKEN) {
       throw new Error('未配置图片上传服务')
     }
-    const formData = new FormData()
-    formData.append('image', base64UrlToReadStream(photo, fileName))
-    const uploadResult = await axios.post('https://7bu.top/api/upload', formData, {
-      headers: {
-        ...formData.getHeaders(),
-        token: config.IMAGE_CDN_TOKEN
-      }
-    })
-    if (uploadResult.data.code === 200) {
-      res.data = uploadResult.data.data
-    } else {
-      throw new Error(uploadResult.data.msg)
+    // tip: qcloud 图床走前端上传，其他图床走后端上传
+    if (config.IMAGE_CDN === '7bu') {
+      await uploadImageTo7Bu({ photo, fileName, config, res })
+    } else if (config.IMAGE_CDN === 'smms') {
+      await uploadImageToSmms({ photo, fileName, config, res })
+    } else if (isUrl(config.IMAGE_CDN)) {
+      await uploadImageToLskyPro({ photo, fileName, config, res })
     }
   } catch (e) {
     console.error(e)
@@ -1434,6 +1439,64 @@ async function uploadImage (event) {
   return res
 }
+async function uploadImageTo7Bu ({ photo, fileName, config, res }) {
+  // 去不图床旧版本 https://7bu.top
+  // TODO: 2022 年 4 月 30 日后去不图床将会升级新版本，此处逻辑要同步更新
+  const formData = new FormData()
+  formData.append('image', base64UrlToReadStream(photo, fileName))
+  const uploadResult = await axios.post('https://7bu.top/api/upload', formData, {
+    headers: {
+      ...formData.getHeaders(),
+      token: config.IMAGE_CDN_TOKEN
+    }
+  })
+  if (uploadResult.data.code === 200) {
+    res.data = uploadResult.data.data
+  } else {
+    throw new Error(uploadResult.data.msg)
+  }
+}
+async function uploadImageToSmms ({ photo, fileName, config, res }) {
+  // SM.MS 图床 https://sm.ms
+  const formData = new FormData()
+  formData.append('smfile', base64UrlToReadStream(photo, fileName))
+  const uploadResult = await axios.post('https://sm.ms/api/v2/upload', formData, {
+    headers: {
+      ...formData.getHeaders(),
+      Authorization: config.IMAGE_CDN_TOKEN
+    }
+  })
+  if (uploadResult.data.success) {
+    res.data = uploadResult.data.data
+  } else {
+    throw new Error(uploadResult.data.message)
+  }
+}
+async function uploadImageToLskyPro ({ photo, fileName, config, res }) {
+  // 自定义兰空图床（v2）URL
+  const formData = new FormData()
+  formData.append('file', base64UrlToReadStream(photo, fileName))
+  const url = `${config.IMAGE_CDN}/api/v1/upload`
+  let token = config.IMAGE_CDN_TOKEN
+  if (!token.startsWith('Bearer')) {
+    token = `Bearer ${token}`
+  }
+  const uploadResult = await axios.post(url, formData, {
+    headers: {
+      ...formData.getHeaders(),
+      Authorization: token
+    }
+  })
+  if (uploadResult.data.status) {
+    res.data = uploadResult.data.data
+    res.data.url = res.data.links.url
+  } else {
+    throw new Error(uploadResult.data.message)
+  }
+}
 function base64UrlToReadStream (base64Url, fileName) {
   const base64 = base64Url.split(';base64,').pop()
   const path = `/tmp/${fileName}`
@@ -1441,6 +1504,10 @@ function base64UrlToReadStream (base64Url, fileName) {
   return fs.createReadStream(path)
 }
+function isUrl (s) {
+  return /^http(s)?:\/\//.test(s)
+}
 function getAvatar (comment) {
   if (comment.avatar) {
     return comment.avatar
@@ -1497,7 +1564,8 @@ function getConfig () {
       REQUIRED_FIELDS: config.REQUIRED_FIELDS,
       HIDE_ADMIN_CRYPT: config.HIDE_ADMIN_CRYPT,
       HIGHLIGHT: config.HIGHLIGHT || 'true',
-      HIGHLIGHT_THEME: config.HIGHLIGHT_THEME
+      HIGHLIGHT_THEME: config.HIGHLIGHT_THEME,
+      LIMIT_LENGTH: config.LIMIT_LENGTH
     }
   }
 }
@@ -1534,6 +1602,18 @@ async function setConfig (event) {
   }
 }
+function protect () {
+  // 防御
+  const ip = auth.getClientIP()
+  requestTimes[ip] = (requestTimes[ip] || 0) + 1
+  if (requestTimes[ip] > MAX_REQUEST_TIMES) {
+    console.log(`${ip} 当前请求次数为 ${requestTimes[ip]}，已超过最大请求次数`)
+    throw new Error('Too Many Requests')
+  } else {
+    console.log(`${ip} 当前请求次数为 ${requestTimes[ip]}`)
+  }
+}
 // 读取配置
 async function readConfig () {
   try {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "twikoo-func",
-  "version": "1.5.1",
+  "version": "1.5.4",
   "description": "A simple comment system based on Tencent CloudBase (tcb).",
   "author": "imaegoo <hello@imaegoo.com> (https://github.com/imaegoo)",
   "license": "MIT",